ORM is a subset of Enterprise Risk Management (ERM). More specifically, ORM addresses operational and compliance risks and is thought of as an extension of process safety. The goal of ERM is to mitigate financial, operational and compliance risks to an acceptable level through policies, systems and procedures.
In effect as the market has moved away from compliance to risk management, ORM is an evolution of traditional EHS compliance. In traditional ERM vs. ORM language, ORM is focused on everything that is non-financial in nature… although as we’ve discussed, in reality all types of risk have the potential for financial impact.
This shift has largely been driven by companies starting to plateau in safety and environmental performance (i.e. Total Recordable Incident Rate). To make risk management more practical, companies are starting to broaden their view of risk management to include non-EHS areas such as supply chain, operations, maintenance, capital projects, and engineering. The outcome is a risk registry that looks at all operational risks through a lens that creates a level playing field to properly prioritizing and actioning issues in real-time. While EHS / PSM compliance are foundational to privilege to operate, having a comprehensive ORM framework goes far toward getting away from after the fact “reactive” compliance is key in identifying threats before they materialize.
The current view of ORM that seems to permeate the analyst community is primarily focused on traditional EHS compliance activities such as Audit, PHA, Incident Investigation, and Corrective Action Management. Other tools such as Bowtie analysis and work permitting are added into the viewpoint…but the focus is still firmly on traditional, siloed tactics specific to EHS or compliance activities. Because EHS and compliance do not focus on risk of production loss through inefficiencies, poor asset management, workforce competency, and conduct of operations, the typical EHS-first view of ORM doesn’t really address real risks that can have significant impact on an organization’s future.
OS comprehensively addresses all aspects of ORM in our Operational Risk Maturity Roadmap:
One key aspect of the 2nd phase of maturity for ORM is Human Performance. Core elements of OS’s Human Performance model include: Organizational / Personnel Change, Competency Management, Training, Human Factor Analysis, and Procedure Management.
For optimal Human Performance, people have to know what to do, how to do it, when to do it, and what permits and approvals are required from whom. To accomplish this, solid management systems with accurate, current, and readily accessible policies and procedures are critically important.
Key Factors that OS addresses in its Human Performance model include:
In its simplest form, Enterprise Risk Management (ERM) is the holistic business approach an entity uses to manage the various threats and opportunities it encounters while accomplishing its mission. Risk is defined as any event that impacts a company’s ability to meet its objectives (losses and opportunities). So, creating an enterprise level system to manage risk (an ERM system) allows an organization to transparently communicate business risk to internal and external stakeholders… but it should not be confused with Operational Risk Management.
OESuite® Business Benefits for Operational Risk Management
As the plant alignment and operational needs change, having an integrated mobile solution that enables EH&S, Maintenance, and Operations to collaborate is mission critical. From initiating work orders, to beginning an incident investigation, having access to information as conditions change, is critical to making the right decision, at the right time, in the field. The result is lower risk, safer startup, less delays in shutdowns, and improved efficiency and effectiveness.
At Operational Sustainability®, we help you devise a strategy for Operational Risk Management. From Process Safety, to cultural alignment coupled with ORM, we have you to ensure your privilege to operate is not at risk. We help create a comprehensive risk registry so that as threats emerge in real-time you are proactively notified so that you can evaluate mitigation options.
OESuite® Integrations / Connectors
ORM is an extension of PSM/RMP. Basic ORM as depicted in the maturity roadmap addresses core compliance activities including Work Permitting, Job Safety Analysis, Barrier Management and Management of Change. OESuite™ integrations to support Basic ORM include: Incidents with MOCs; PHAs, Audits and Incidents with Corrective and Preventative Action (CAPA); and Barrier Management with Incident Investigation.
Additional integrations move to a single source of truth in the Core and Advanced maturity stages of ORM. For example, in the Core stage, a risk registry begins to take shape as a result of interoperability, with the Advanced stage leading to Asset Performance Management and Comprehensive Conduct of Operations.
OESuite integrations that support these maturity advancements include:
Procedures with Document Management and Process Safety Information for comprehensive Engineering Content Management
Organizational Change with MOC
Incident Management with Production Losses to enable Enterprise Loss Management
SIS and Alarm Management with PHA to complete the safety lifecycle
Spares Optimization as an extension of RCM
Asset Performance management as the result of Asset Strategy combined with Mechanical Integrity